Cloud Hosting and Infrastructure Support Services

Service scope

Service constraints: Our services do not have any constraints.
System requirements: Provision of Software license to use Microsoft Project

Provision of Software license to use Microsoft Visio

Provision of Software license to Microsoft Office Products

User support

Email or online ticketing support: Yes, at extra cost
Support response times: Response times are the same at weekends. Response times are between 9am to 5pm Saturday and Sunday. Support outside of these times are possible but at a mutually agreed cost.
User can manage status and priority of support tickets: Yes
Online ticketing support accessibility: WCAG 2.1 AAA
Phone support: Yes
Phone support availability: 9 to 5 (UK time), Monday to Friday
Web chat support: No
Onsite support: Yes, at extra cost
Support levels: The following support levels are provided:
Account Manager - £900 per day (regularity to be mutually agreed with Client)
Programme Manager - £850 per day;
Senior Project Manager - £780 per day
Project Manager - £725 per day
Communications Manager - £600 per day
Project Management Office Support - £520 per day
Technical Architect - £700 per day
Digital Development Operatative (Digital DevOps) - £650 per day
SharePoint Administrator - £500 per day
SharePoint Support - £400 per day
Support available to third parties: Yes

Onboarding and offboarding

Getting started: All Software or Systems delivered as part of the services we provide to our clients are supported by End User Guidance and Frequently Answered Questions documentation. In addition to this documentation AJACO would encourage End User Communications to compliment any such documentation produced by AJACO.
Service documentation: Yes
Documentation formats: PDF
End-of-contract data extraction: At the end of the contract AJACO produce a report in Microsoft Excel, listing all costs incurred on a month by month basis including a total amount incurred as a result of providing services to the client. AJACO also report what was originally agreed with the client, communicating the variance (both positive or negative). At the end of each month (in arrears) AJACO produce an equivalent report and on this basis are able to provide forecasts based on current programme and project status.
End-of-contract process: At the end of the Contract, all reports including completion statements and a Lessons Learned report are produced within the price of the contract. This also includes to the transition of any services to Business As Usual including the migration of all users so long at these activities fall within the agreed contract period. Subject to Client agreement AJACO would submit a follow on Memorandum of Understanding to support any future work subject to Commercial, Portfolio and Programme management approval.

Using the service

Web browser interface: No
API: No
Command line interface: No

Scaling

Scaling available: Yes
Scaling type: Manual
Independence of resources: It is paramount that the services we provide is of the highest quality and is not affected by the demand of other users. Regular internal quality reviews are carried out to ensure all risks and issues are identified and effectively communicated to the client. Resourcing is maintained within the scope of AJACO's agreement with the client. Any external project or programme risk will be maintained by supporting the client by determining whether any external factors should be addressed by a separate agreement as agreed with the Client. Prioritisation of such risk will be progressed once agreed with the client.
Usage notifications: Yes
Usage reporting: Email

Analytics

Infrastructure or application metrics: Yes
Metrics types: CPU

Disk

HTTP request and response status

Memory

Network

Number of active instances
Reporting types: Real-time dashboards

Regular reports

Reports on request

Resellers

Supplier type: Not a reseller

Staff security

Staff security clearance: Conforms to BS7858:2019
Government security clearance: Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations: Yes
Data storage and processing locations: United Kingdom
User control over data storage and processing locations: Yes
Datacentre security standards: Supplier-defined controls
Penetration testing frequency: At least once a year
Penetration testing approach: In-house
Protecting data at rest: Physical access control, complying with another standard

Encryption of all physical media
Data sanitisation process: Yes
Data sanitisation type: Deleted data can’t be directly accessed
Equipment disposal approach: In-house destruction process

Backup and recovery

Backup and recovery: No

Data-in-transit protection

Data protection between buyer and supplier networks: Private network or public sector network

TLS (version 1.2 or above)

Bonded fibre optic connections
Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability: AJACO guarantee to provide Professional Quality Consultancy services. Our operating hours are Monday to Friday 9am to 6pm. Our SLA when dealing with any queries and issues outside of these times is within a timely manner and within a Professional Working Day. Timely manner would depend on the severity of the issue raised. A Severity 1 issue would result in a response within 2 hours of the issue being raised. However if the issue is raised outside of a Professional Working day a response will be returned by 9am the following business day. If we are unable to meet guaranteed levels of availability then we will compensate the client by providing an agreed amount of extended consultancy time at either a reduced or at no cost.
Approach to resilience: AJACO's approach to resilience is based on identifying levels of risk when faced with the likelihood of a disturbance, surprise or uncertainty with a service provided. AJACO encourages solution providers to ensure reliability and system resilience by introducing backup systems, mirrored hardware, load balancing, correctly scoped hardware and correctly configured software to maximise resilience and to prevent system hardware or software failure. From a Testing and Test Support Services perspective AJACO ensure its services are resilient by ensuring consultants are equipped with correct resources in order to fulfill buyer objectives. AJACO also ensure consultants are able to be substituted subject to establishing a mutual agreement with the buyer, providing substituted consultants with a suitable project handover as required by both the buyer and the project(s) being affected.
Outage reporting: Outage reports are issued via email alerts, face to face notifications, remotely by telephone and via associated suppliers (where and as required by the buyer).

Identity and authentication

User authentication: 2-factor authentication
Access restrictions in management interfaces and support channels: Access restrictions in management interfaces and support channels would be approached by initially implementing protective marking and password protection if the nature of the the interfaces are documentation related. If system related then such systems would need to be restricted to specific end user groups, which include users who have the correct level of security clearance to access such information. Time restrictions must also be considered for system related interfaces. Such systems should be restricted to business hours where support is usually more readily available.
Access restriction testing frequency: At least every 6 months
Management access authentication: 2-factor authentication

Public key authentication (including by TLS client certificate)

Username or password
Devices users manage the service through: Dedicated device on a government network (for example PSN)

Audit information for users

Access to user activity audit information: Users contact the support team to get audit information
How long user audit data is stored for: User-defined
Access to supplier activity audit information: Users contact the support team to get audit information
How long supplier audit data is stored for: User-defined
How long system logs are stored for: User-defined

Standards and certifications

ISO/IEC 27001 certification: No
ISO 28000:2007 certification: No
CSA STAR certification: No
PCI certification: No
Cyber essentials: Yes
Cyber essentials plus: Yes
Other security certifications: Yes
Any other security certifications: Ability to adhere to CESG guidelines

Security governance

Named board-level person responsible for service security: Yes
Security governance certified: No
Security governance approach: All our Consultants either have Security Clearance (SC) or Developed Vetting (DV) level clearance. Where consultants on appointment fall shorty of SC clearance, SC clearance will be applied for as advised and supported by the client and in accordance to the security level they are to be exposed to. As a minimum, if any of our consultants are neither SC or DV cleared we ensure they have been successfully DBS checked.
Information security policies and processes: AJACO ensures that all consultants adhere to best practice, recognising information security practices as set or/and adhered by the buyer. All AJACO consultants apply the correct level of security control to their day to day activities in line with good practice and applicable regulation and legislation. All documentation is formatted, controlled and distributed in line with buyer requirements. AJACO carry out regular peer reviews to ensure compliance is regulated and monitored. Any issues of non-compliance, information risks or incidents are raised with the Buyer through an agreed escalation path and via the relevant Security departments as required. AJACO adheres to the following acts: - HMG Security Policy Framework. - ISO27001:2005 / ISO/IEC17799:2000. Information Technology – Information - Security management systems requirements. - ISO27002:2005. Code of practice for information security management systems. - ISO27005:2008. Information Security Risk Management. - Freedom of Information Act 2000. - Data Protection Act 1998. - Regulation of Investigatory Powers Act 2000. - Computer Misuse Act 1990.

Operational security

Configuration and change management standard: Supplier-defined controls
Configuration and change management approach: 1) Request for Change - clarifying objectives and goals.
2) Impact Analysis - identifying resources that will facilitate the process through to delivery and completion. To determine the level of buy-in from the client and all parties involved. To assess from respective Security and Information Assurance impact to the proposed change.
3) Approve / Deny
4) Implement Change - To involve all parties required to deliver.
5) Review / Reporting - To assess how successful the delivery was in line with the goals and objectives of the change. To promote regular communication at all stages of the Change Management Process.
Vulnerability management type: Supplier-defined controls
Vulnerability management approach: All public service contract related information is either held on client provided devices or client shared drives. All secure information is maintained on client supplied equipment. These services are supported by client suppliers. The only information held on AJACO specific devices are timesheet or audit information for the purpose of AJACO only, As part of our services any vulnerabilities are reported immediately, captured on a RAID log recorded as part of our weekly reporting procedures. Such potential threats are obtained from public sector users of client services or from suppliers who are currently supporting client services.
Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach: AJACO adheres to the buyer's business processes to oversee how products and services are used and also abused and in doing so:
a) seeks to adhere to and adopt an organisation-wide strategy
b) identify specifics as to how requirements will be delivered to each project
c) recognise and promote the value and benefits brought to the business
d) furnish the infrastructure needed to support requirements
e) ensure skilled consultants are able to adequately operate the infrastructure
f) to conduct reviews to ensure that the processes are performing to requirements
g) immediately report to the buyer any potential compromises identified.
Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach: All incidents identified by AJACO, the buyers and supporting suppliers are maintained on a single spreadsheet clearly specifying the date identified, summary of issue, description, environmental condition, severity, priority, assignee and status. These incident reports are regularly communicated to all relevant parties within a project team and are reviewed internally within both AJACO, buyer and respective suppliers. All common events for example installation related are generally routed to Suppliers to resolve. User guidance notes are generally shared with the Communication Manager. All Severity 1 and 2 incidents are reported immediately to the assigned Project Managers appointed by the buyer.

Secure development

Approach to secure software development best practice: Supplier-defined process

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
Who implements virtualisation: Supplier
Virtualisation technologies used: Citrix XenServer
How shared infrastructure is kept separate: No infrastructure is shared. All infrastructure provided is done so by pre-agreement with the end-client. Technically, all infrastructure is appropriately positioned behind a suitable end-client approved firewall and penetration tested.

Energy efficiency

Energy-efficient datacentres: Yes
Description of energy efficient datacentres: Virtualisation is encouraged throughout both our and our supplier datacentres. Regular audits, electrical safety checks, energy consumption checks, issue recording (prioritisation including follow through to resolution) and risk assessments and are carried out to ensure energy efficiency, energy utilisation and safety is maintained.

Regular building audits are also carried out and appropriate action taken to ensure energy efficiency is continually improved. This includes the continual adherence to our companies and partner supplier companies environmental policies and through the continual communication of such policies and directives through our combined workforce.

Social Value

Fighting climate change
Covid-19 recovery
Tackling economic inequality
Equal opportunity
Wellbeing

Fighting climate change

AJACO have five commitments to helping to combat against climate change:

1. Measuring and analysing greenhouse gas emissions
2. Encouraging sustainable commuting
3. Reducing wastage in the workplace
4. Investing in greener equipment and infrastructures
5. Reducing value-chain emissions.

Covid-19 recovery

AJACO have five commitments to support Covid-19 recovery:

1. Prioritising people safety and continuous engagement
2. Reshaping strategy for business continuity
3. Continuous communication with relevant stakeholders
4. Maximising the use of government support policies
5. Building resilience for the new normal

Tackling economic inequality

AJACO have five commitments to assisting with tackling economic inequality:

1. Paying staff above market average rates
2. Supporting workers with employment benefits
3. Providing encouragement and referencing support for asset building
4. Providing training support as and when required
5. Treating all workers with respect and ethnic equality.

Equal opportunity

AJACO have ten ways to adhere to equal opportunity:

1. Be open about gender pay inequality/equality
2. Be aware of unconscious bias
3. Acknowledge religious and cultural holidays
4. Encourage frequent employee feedback
5. Be aware of ageism and strive for a multigenerational workforce
6. Have strong anti-discrimination policies (and enforce them when needed)
7. Celebrate difference
8. Facilitate the use of pronouns
9. Identify and eradicate instances of ableism
10. Collective responsibility

Wellbeing

AJACO have an employee benefit package that enables round the clock support for employee wellbeing. This package covers the seven dimensions of wellness:

1. Physical
2. Emotional
3. Intellectual
4. Social
5. Spiritual
6. Environmental
7. Occupational

Pricing

Price: £300 to £900 a person a day
Discount for educational organisations: No
Free trial available: No

Cloud Hosting and Infrastructure Support Services

Features

Benefits

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Backup and recovery

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Separation between users

Energy efficiency

Pricing

Service documents

Cookies on Digital Marketplace

Cloud Hosting and Infrastructure Support Services

Features

Benefits

Pricing

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Backup and recovery

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Separation between users

Energy efficiency

Social Value

Pricing

Service documents